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METHOD AND APPARATUS FOR UPDATING WEB CERTIFICATES 

Field Of The Invention 

1 0 The invention relates generally to systems and methods for updating data in 

communications systems, and more particularly to methods and systems for updating web 

y certificates. 

^ Background Of The Invention 

^ 15 

O The use of certificates, or other data structures for purposes of information 

L, security is well known. For example, in public key infrastructures, public key certificates 

W are issued by trusted root certification authorities (CA's) to allow users to confirm that 

p public encryption keys and public verification keys have not expired for other users of the 

S 20 system so that information may be suitably encrypted or a digital signature may be 

verified based on a certificate issued by, and maintained by, a certification authority. As 
known in the art, web certificates are typically different from public key certificates since 
web certificates are typically not managed by a trusted certification authority. 

25 For example, different suppliers of web browsers may incorporate root CA 

certificates issued by many different sources. Each of these sources may issue a 
certificate with differing expiration dates. Management of the root CA certificates by a 
trusted authority is typically not used. Accordingly, a problem arises when different 
versions of web browsers are used by different users. For example, an older version of a 

30 web browser may have root CA certificates that expire sooner than root CA certificates 
that may be embedded in newer versions of web browsers. Accordingly, various 



2 



certificate issuing entities may serve as different root CA's and issue certificates having 
differing expiry periods. When a root CA certificate expires, all servers which have web 
certificates that were issued by that CA will no longer be trusted by any browser which 
contains only the expired certificate for that CA. 

5 

For a conventional web model, there is typically no way to detect the expiration 
of a web certificate prior to a request for a session with a web server. For example, web 
certificates that are preinstalled with web browsers from different issuers are typically not 
continually checked by the web browser to insure that they have not expired. Typically, 

1 0 a user will only be informed of a problem when the web browser attempts to set up a 
secure session with a web server. If the web certificate has expired, the session is not 
granted. One proposed solution has been to require a user to manually update a web 
browser that has prestored web certificates that expire at later dates. Typically, web 
servers will detect old web browser versions through, for example, web identification 

1 5 tags embedded in headers and identify a link (e.g., URL) to the site that may contain a 
new version of a web server. The user then typically clicks on a URL to connect to the 
site containing the new software version and downloads the new web browser containing 
web certificates with expiry periods later than those on previous web browser versions. 

20 Alternatively, other solutions have included automatically detecting the version of 

the web browser based on the ID tag in the HTTP headers prior to setting up a secure 
session and identifying a site for a user to connect with to install the new root CA 
certificate in their browser. In addition, it is generally known to provide automatic 
software upgrades based on internal timers that a software application may have 

25 embedded therein, to notify the user to perform a manual update. 

However, a problem arises with such techniques since, inter alia, a user typically 
is denied a secure session and is additionally required to manually obtain an upgrade 
version of a web server. Accordingly, when a user installs a new version of a web 
30 browser it is typically not possible for a web site to know that the web browser has the 
new root CA certificate without establishing an SSL connection or other suitable secure 
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session that requires the use of a new root CA certificate. This problem can be overcome 
by issuing a cookie to the user's browser. The next time the user visits the site, the server 
can check for the cookie. If the cookie exists, the server knows that the user has installed 
the new root CA certificate. However, other sites that also require the new root CA 
5 certificate cannot read that cookie. As such, each different server in a different domain 
may not be able to identify that the user has already installed the new root CA certificate. 

Consequently, there exists a need for a method and system that facilitates the 
updating of data, such as web certificates, or other data, and allows a user to install or 
1 0 update the data and have the update recognized by differing server domains that 
participate in the system. 



15 Brief Description Of The Drawings 

The invention and its various aspects will be more readily understood in view of 
the following drawings, wherein: 

FIG. 1 is a block diagram illustrating one example of a system for updating data 
20 in accordance with one embodiment of the invention; 

FIG. 2 is a flow chart illustrating one example of the operation of the system of 

FIG. 1; and 

FIG. 3 is a block diagram of the system of FIG. 1 wherein a first update has 
already occurred. 

25 

Detailed Description Of The Preferred Embodiment 

Briefly, a method and system for updating data, such as root CA certificates, 
software applications, or other data, detects a need to update data based on a 
30 communication between a first processing entity, such as a computer with a web browser, 
and another processing entity, such as a web server. The web server detects the need to 
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update data and automatically redirects communication from the first processing entity 
and the second processing entity, so that the first processing entity communicates with a 
third processing entity. The third processing entity provides updated data, such as a new 
version of a web browser or other software application, and also provides update 
complete data indicating that the software, web browser or other data has been updated. 
The update complete data is provided for the second processing entity so that the second 
processing entity will suitably perform the process requested by the first processing 
entity. 

For example in an embodiment applied to a system employing web certificates, 
the web browser contacts the web server, the web server, upon detecting an unsuitable 
version of web browser, notifies the web browser to go obtain new embedded web 
certificates. Accordingly, the web server automatically redirects the web browser to a 
third server such as a software update control server. The software update controller 
contains the latest version of the software, root CA certificate, or other data required by 
the web server. The web browser obtains a cookie from the software update controller, 
as well as a message for the web server embedded in an URL. The message in the URL 
from the software update controller is detected by the web server so that the web server 
1) can issue it's own cookie to the browser to indicate that the upgrade has been complete 
and 2) trusts that the web browser has the unexpired web certificate or other updated data. 

The systems and methods may be employed to update the software in different 
versions, provide unexpired root CA certificates, or provide any other suitable data. The 
system allows a user that has updated the root CA certificates to connect to a different 
site after upgrading wherein the different site detects if the data has already been 
upgraded or a new CA certificate downloaded to a web browser by detecting the 
universal cookie from the software update controller . For example, a first time through, 
a user manually inserts the new root CA certificate in the web browser. The next time 
the user accesses a site that is in the program, it will be automatic. The different web 
servers cannot typically detect a 'universal cookie' of any sort. The browser gets a cookie 
and a special message [WHAT IS THE MESSAGE NAME IN THE FIGS?] encoded 



in the URL, or inserted into the HTTP headers, from the software update controller. The 
web server detects the special message in the URL or the HTTP headers, not in the 
cookie. The webserver then sets its own cookie for identification at a later date. 

FIG. 1 illustrates a system 100 for updating data that includes first processing 
entities 102a-l-2n, such as devices containing a web browser, second processing entities 
104a-104n, such as web servers, and a third processing entity 106, such as a software 
update controller (e.g., another server). The third processing entity 106 is preferably in 
operative communication with only the first processing entities 102a-102n. Also in a 
preferred embodiment, the plurality of second processing entities 104a-104n are in 
operative communication with the first processing entities 102a-102n but are not in 
communication with the third processing entity 106. For purposes of illustration and not 
limitation, the disclosed invention will be described with reference to an Internet-based 
system that employs web certificates as the data to be updated. However, it will be 
recognized that the invention may be applicable to any suitable information security 
system such as wireless communication systems, intranet based systems, any systems 
requiring updating of versions of software, or any other suitable system. 

Each of the second processing entities 104a-104n include a common gateway 
interface 108. Similarly, the third processing entity 106, configured as a software update 
controller, also includes a common gateway interface 110. The common gateway 
interfaces 108, 1 10 may be any suitable software modules, hardware circuits or any 
suitable combination thereof. A common gateway interface, as known in the art of web 
servers, may include, for example, an external gateway program to interface with 
information servers such as HTTP servers, in compliance with the standard as may be 
found at Web address- http://hoohoo.ncsa.uiuc.edu/cgi/overview.html. 

Referring to FIGS. 1 and 2, in operation, the first processing entity 102a generates 
a connection request 1 12 to the second processing entity 104a to initiate communication 
with the second processing entity 104a. This is shown in block 200. As shown in block 
202, the second processing entity 104a receives the connection request 112. The second 



processing entity 104a detects a need to update data, such as a need to update web 
certificates, version of a software application, or any other suitable data, for the first 
processing entity 102a based on the communication, such as the connection request 1 12. 
In this embodiment, detecting the need to update data includes determining whether the 

5 connection request 1 1 2 includes a cookie (cookiew S ) (or other suitable tag data) 

previously provided from the second processing entity 104a, as shown in block 204. For 
example, where the connection request includes, for example, a URL associated with the 
second processing entity, a header with, for example, a browser ID tag, and if present, the 
cookie of the second processing entity stored by the first processing entity. The second 

1 0 processing entity 1 04 receives the connection request header and checks for whether or 
not there is a second processing entity cookie. If there is no second processing entity 
cookie (for example cookie^), the method includes generating and sending a redirect 
command back to the first processing entity as shown in block 206. For example, the 
second processing entity automatically redirects the communication from the first 

1 5 processing entity and the second processing entity to the first processing entity and the 
third processing entity by, for example, the second processing entity sending the 
universal resource locator (URL SWUC ) associated with the third processing entity, and a 
return address associated with the second processing entity (return address ws ). 
Accordingly, the automatic redirecting is done under control of the second processing 

20 entity. The redirect command is shown as command 114 (FIG. 1). 

The first processing entity, in response to the redirect command 114, generates a 
connection request 1 16 to the third processing entity 106. This is shown in block 208. 
This redirection is done transparently to the user of the first processing entity. As shown 

25 in block 210, the third processing entity 106 receives the redirected connection request 
116. The connection request to the software update controller may include, for example, 
the URL of the software update controller (URLswuc), a header with the cookie of the 
software update controller (cookieswuc)if it exists, and the return address (return 
addressws) associated with the second processing entity, such as a web server. The third 

30 processing entity 106 then checks the connection request 1 1 6 for its own cookie as shown 
in block 212. 
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If the connection request does not include the appropriate cookie (cookieswuc) for 
the software update controller 106, the software update controller 106 recognizes that this 
may be the first update request required by the first processing entity. Where the 
5 redirected connection request 116 does not include the cookie of the destination 

processing entity, the third processing entity sends update instructions 1 18 to the first 
processing entity along with a request for a confirmation of completion of an update. 
This may be done, for example, by requesting the user to activate a GUI interface 
confirmation of update button. The update instructions, as shown in block 216, may 
10 include, for example, instructions to be displayed for the user to select which version of 
the software to update to or which web certificates should be embedded in the web 
! 3 browser and whether the new version of the web browser, or other data from the third 

p processing entity was received by the first processing entity. Accordingly, the third 

m processing entity causes the first processing entity to display instructions for the user to 

1 5 follow so that the appropriate version of the software is updated or provided to the first 
O processing entity. The user then selects the confirmation button to indicate that the 

* 4 version has been selected and an update has been completed. This update confirmation 

[H data 1 20 is then sent from the first processing entity to the third processing entity in 

O response to receiving the request for confirmation of the completion of an update. The 

5 20 update confirmation data 120 may include, for example, the URL of the third processing 
entity (URLswuc), a header with the return address of the second processing entity, and 
upgrade complete data indicating that the upgrade has been completed. The update 
instruction includes the new version of the software which may be communicated in any 
suitable form, such as encrypted using a public key encryption engine, symmetric key 
25 encryption engine or any other suitable encryption technique. 

As shown in block 218, the third processing entity receives the update 
confirmation data 120 and parses the header to verify that the upgrade is complete. More 
particularly, the third processing entity checks to detect that the update complete data is 
30 included in the update confirmation data indicating that the first processing entity has 
properly received and suitably upgraded its web certificates, software, or other data in 

8 



accordance with the update instruction 1 1 8. The third processing entity parses the 
header, for example, to see that the upgrade complete data and that the cookie associated 
with the software update controller for that particular update has been set in the first 
processing entity. The third processing entity therefore sets the cookie in the first 

5 processing entity. The third processing entity then sends an update complete and redirect 
command 122 back to the first processing entity, for detection by the second processing 
entity. This update complete data and redirect command 122 contains, for example, a 
redirect command back to the second processing entity which may include, for example, 
the URL of the second processing entity along with data representing that the third 

10 processing entity cookie has been set in the first processor. As shown in block 220, the 
first processor generates another connection request 124 to the second processor 
indicating that the software update is complete. For example, this includes the URL of 
the second processing entity, and a header with the data software cookie set equal "yes" 
as provided by the third processing entity. As shown in block 222, the second processing 

1 5 entity receives the connection request 124, parses the (as noted above, this information 
may be in the URL, or in the headers, depending on the type of CGI request - POST or 
GET) header to detect the cookieswuc set equal yes, and then sets the cookie of the 
second processing entity in the first processing entity through communication 126. The 
process continues as needed for other processing entities and other second processing 

20 entities, as desired. 

As applied to a system requiring web certificates, the first processing entity is a 
web browser that is operative to request a connection with the web server 104a. The web 
server 104a detects a need to update web certificate data based on the request for a 

25 connection from the web browser by determining, for example, that no cookie associated 
with the software update controller 106 has been provided to the web browser 104a. The 
web browser 104a automatically redirects communication from the web browser 104a 
and the web server, to the web browser and the web certificate update controller in 
response to detecting the need to update the web certificate. The web server, for 

30 example, sends the universal resource locator associated with the web certificate update 
controller, and other information, as desired, to automatically force the first processing 
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entity to communicate with the software update controller. The software update 
controller 106, may be a web certificate update controller that contains new versions of 
web browsers that contain web certificates having later expiry periods, for example. The 
web certificate update controller provides web certificate update complete data 122 for 
5 the web server through the web browser. 

FIG. 3 represents, for example, where a different second processing entity is 
being contacted by the first processing entity that has already updated the software or 
web certificates. In this example, since the web browser already contains the updated 
10 web certificates, there is no need for the software update controller to request the user to 
respond to instructions. In this case, where no cookie is detected for the particular web 
server, for a given domain, the software update controller will send update complete data 
in response to the redirected command. 

1 5 Accordingly, among other advantages, the disclosed system and methods provide 

an automatic redirection of communication to a third party entity for data updates, such 
as web certificate updates or other software updates by, for example, embedding a third 
party cookie as recognized by all servers irrespective of their different domain. In 
addition, communication to obtain the software update is redirected and transparent to a 

20 user, so that the user need not activate communication to obtain the necessary updates. 
A person manually follows the instructions at the software update server. After they 
finish the instructions, they are taken back to the web server they were originally visiting. 

It should be understood that the implementation of other variations and 
25 modifications of the invention in its various aspects will be apparent to those of ordinary 
skill in the art, and that the invention is not limited by the specific embodiments 
described. It is therefore contemplated to cover by the present invention, any and all 
modifications, variations, or equivalents that fall within the spirit and scope of the basic 
underlying principles disclosed and claimed herein. 
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Claims 

What Is Claimed Is: 

1 . A method for updating data for a first processing entity, for detection by at least a 
second processing entity comprising the steps of: 

detecting a need to update data for the first processing entity, based on a 
communication with the second processing entity; 

automatically redirecting, communication from the first processing entity 
and the second processing entity, to the first processing entity and a third 
processing entity, under control of the second processing entity, in response to 
detecting the need to update data ; and 

providing update complete data, under control of the third processing 
entity, for the second processing entity. 

2. The method of claim 1 including the step of providing updated data for the first 
processing entity, by the third processing entity. 

3. The method of claim lincluding the step of providing update confirmation data 
from the first processing entity to the third processing entity. 

4. The method of claim 1 wherein the step of providing update complete data 
includes providing the update complete data for the second processing entity, by 
way of the first processing entity. 

5. The method of claim 1 wherein the step of providing update complete data 
includes providing the update complete data to the second processing entity. 

6. The method of claim 1 including the step of determining whether a connection 
request between the first processing entity and the second processing entity 
includes a cookie associated with the second processing entity. 
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The method of claim 1 wherein the data includes certificate data and wherein the 
method also includes determining whether a certificate update should occur for 
the first processing entity based on whether cookies have been received by the 
first processing entity from the second and third processing entities. 

The method of claim 1 further including the step of automatically redirecting 
communication from the first processing entity and the third processing entity to 
the first processing entity and the second processing entity based on update 
confirmation data. 

The method of claim 1 wherein the step of automatically redirecting 
communication from the first processing entity further includes the step of 
sending, by the second processing entity, a uniform resource locator of the third 
processing entity, to the first processing entity in response to the second 
processing entity detecting the need to update data for the first processing entity. 

The method of claim 9 including the steps of: 

sending, by the third processing entity, update instructions to the first 
processing entity and a request for confirmation of completion of an update; 

sending, by the first processing entity, update confirmation data to the 
third processing entity in response to receiving the request for confirmation of 
completion of an update. 

The method of claim 1 wherein the step of providing update complete data under 
control of the third processing entity includes sending a redirect command back to 
the first processing entity, by the third processing entity, to direct the update 
complete data to the second processing entity, and wherein the method further 
includes the step of sending, in response to the update complete data, a cookie 
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from the second processing entity to the first processing entity to confirm 
acceptance of the update. 
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A method for updating data for a first processing entity, for detection by at least a 
second processing entity comprising the steps of: 

receiving an automatically redirected communication from a first 
processing entity and a second processing entity, redirected from a first 
processing entity and a third processing entity, under control of the second 
processing entity, in response to a detection of a need to update data for the first 
processing entity; and 

providing update complete data, under control of the third processing 
entity, for the second processing entity. 

The method of claim 12 including the steps of: 

sending, by the third processing entity, update instructions to the first 
processing entity and a request for confirmation of completion of an update; 

sending, by the first processing entity, update confirmation data to the 
third processing entity in response to receiving the request for confirmation of 
completion of an update. 



14 



A method for updating certificates for use by a web browser, for detection by at 
least a web server comprising the steps of: 

detecting a need to update web certificate data for the web browser, based 
on a communication with the web server; 

automatically redirecting, communication from the web browser and the 
web server, to the web browser and a processing entity, under control of the web 
server, in response to detecting the need to update data, by the web server sending 
a universal resource locator associated with the processing entity to the web 
browser; and 

providing web certificate update complete data, under control of the 
processing entity, for the web server. 

The method of claim 10 including the step of providing updated web certificate 
data for the web browser, by the processing entity in response to the redirected 
communication.. 

The method of claim 10 including the step of providing web certificate update 
confirmation data from the web browser to the processing entity. 

The method of claim 10 wherein the step of providing web certificate update 
complete data includes providing the certificate update complete data for the web 
server, by way of [through] the web browser. 

The method of claim 10 including the step of determining whether a connection 
request between the web browser and the web server includes a cookie associated 
with the web server. 

The method of claim 10 including determining whether a certificate update should 
occur for the web browser based on whether cookies have been received by the 
web browser from the web server and third processing entity. 
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10 

22. 
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The method of claim 10 further including the step of automatically redirecting 
communication from the web browser and the processing entity to the web 
browser and the web server based on update confirmation data. 

The method of claim 14 including the steps of: 

sending, by the processing entity, update instructions to the web browser 
and a request for confirmation of completion of an update; 

sending, by the web browser, update confirmation data to the processing 
entity in response to receiving the request for confirmation of completion of an 
update. 



The method of claim 14 wherein the step of providing web certificate update 
complete data under control of the processing entity includes sending a redirect 
command back to the web browser, by the processing entity, to direct the update 
complete data to the web server, and wherein the method further includes the step 
of sending, in response to the update complete data, a cookie from the web server 
to the web browser to confirm acceptance of the web certificate update. 
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A web certificate system comprising: 

a web browser operative to request a connection with a web server; 

the web server, operative to detect a need to update web certificate data 
based on the request for connection from the web browser wherein the web 
browser automatically redirects communication from the web browser and the 
web server, to the web browser and a web certificate update controller in response 
to detecting the need to update data, by the web server sending a universal 
resource locator associated with the web certificate update controller; and 

the web certificate update controller, in operative communication with the 
web browser, that provides web certificate update complete data for the web 
server. 

The system of claim 23 wherein the web certificate update controller provides 
updated web certificate data for the web browser in response to the redirected 
communication. 

The system of claim 23 wherein the web browser provides web certificate update 
confirmation data to the web certificate update controller. 

The system of claim 23 wherein the web certificate update controller provides 
web certificate update complete data by way of the web browser. 

The system of claim 23 wherein the web server determines whether a certificate 
update should occur for the web browser based on whether cookies have been 
received by the web browser from the web server and the software update 
controller. 
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METHOD AND APPARATUS FOR UDATING WEB CERTIFICATES 



Abstract Of The Disclosure 



5 A method and system for updating data, such as web certificates, software 

applications, or other data, detects a need to update data based on a communication 
between a first processing entity, such as a computer with a web browser, and another 
processing entity, such as a web server. The web server detects the need to update data 
and automatically redirects communication from the first processing entity and the 

1 0 second processing entity, so that the first processing entity communicates with a third 
processing entity. The third processing entity provides updated data, such as a new 
version of a web browser or other software application, and also provides update 
complete data indicating that the software, web browser or other data has been updated. 
The update complete data is provided for the second processing entity so that the second 

1 5 processing entity will suitably perform the process requested by the first processing 
entity. 
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Attorney Docket Number 0500.9907201 
First Named Inventor Robert Everett Parkhill 

COMPLETE IF KNOWN 
Application Number 
Filing Date 
Group Art Unit 
Examiner Name 



As a below named inventor, I hereby declare that: 

My residence, post office address, and citizenship are as stated below next to my name. 

I believe I am the original, first and sole inventor (if only one name is listed below) or an original, first and joint 

inventor (if plural names are listed below) of the subject matter which is claimed and for which a patent is sought on the 

invention entitled: Method and Apparatus for Updating Web Certificates 

the specification of which: 

H is attached hereto. 

□ was file on (MM/DD/YYYY) as United States Application Number or PCT International Application 
Number and was amended on (MMZDD/YYYY) (if applicable). 

I hereby state that I have reviewed and understand the contents of the above identified specification, including the 
claims, as amended by any amendment specifically referred to above. 

I acknowledge the duty to disclose information which is material to patentability as defined in 37 CFR 1.56. 

I hereby claim foreign priority benefits under 35 U.S.C. 1 19(a)-(d) or 365(b) of any foreign applications) for patent or inventor's certificate, or 365(a) 
of any PCT international application which designated at least one country other than the United States of America, listed below and have also 
identified below, by checking the box, any foreign application for patent or inventor's certificate, or of any PCT international application having a 



Prior Foreign 
Application Number(s) 


Country 


Foreign Filing Date 
(MM/DD/YYYY) 


Priority Not 
Claimed 


Certified Copy Attached? 
YES NO 








□ 


u □ 








□ 


u □ 



I hereby claim the benefit under 35 U.S.C. 119(e) of any United States provisional applications) listed below. 



Application Number(s) 



Filing Data (MM/DD/YYYY) 



TJ 



Additional provisional application numbers are listed on a supplemental priority data sheet PTO/SB/02B attached hereto. 



I hereby claim the benefit under 35 U.S.C. 120 of any United States applications), or 365(c) of any PCT international application designating the 
United States of America, listed below and, insofar as the subject matter of each of the claims of this application is not disclosed in the prior United 
States or PCT International application in the manner provided by the first paragraph of 35 U.S.C. 1 12, 1 acknowledge the duty to disclose 
information which is material to patentability as defined in 37 CFR 1.56 which became available between the filing date of the prior application and 



ILS* Parent Application or PCT 
Parent Number 


Parent Filing Date 
(MM/DD/YYYY) 


Parent Patent Number 
(if applicable) 















Client No. 



As a named inventor, I hereby appoint the following registered practitioners) to prosecute this application and to 



transact all 


business in the Patent and Trademark Office connected therewith ■ 


Name 


Registration Number 


Name 


Registration Number 


Timothy W. Markison 


33,534 


Christopher J. Reckamp 


34,414 


Paul M. Anderson 


39,896 















i sheet PTO/SB/02C attached hereto. 



Direct all correspondence to: 



Markison & Reckamp, PX. 
175 West Jackson Boulevard - Suite 1015 
Chicago, niinois 60604 
Telephone:312-939-9800 
Facsimile: 312-939-9828 

I hereby declare that all statements made herein of my own knowledge are true and that all statements made on 
information and belief are believed to be true; and further that these statements were made with the knowledge that 
willfol false statements and the like so made are punishable by fine or imprisonment, or both, under 18 U.S.G 1001 and 
that such willful false statements may jeopardize the validity of the application or any patent issued thereon. 



Name of Sole or First Inventor: 


Zl A petition has been filed for this unsigned inventor 


Given Name (first and middle [if anyl) 


Family Name or Surname 


Robert Everett m » 


Parkhill 


Inventor's 
Signature 


Mimil Date CcUJH/iw 


Residence 


aty: Nepean state: Ontario 


Country: Canada 1 Citizenship: Canadian 


Post Office Address 40 Largo Crescent 


City: Nepean | state: Ontario 


zip: K28 3C7 | country: Canada 



Name of Additional Joint Inventor: 



Given Name (first and middle [if anyl) 


Family Name or Surname 








Inventor's 
Signature 




Date 




Residence 


aty: 


State: 




Country: 




Citizenship: 


Post Office Address 




City: 




| State: 




ZIP: 


Country: 



Name of Additional Joint Inventor: 


□ A petition has been filed for this unsigned inventor 


Given Name (first and middle [if anyl) 


Family Name or Surname 








Inventor's 
Signature 


Date 




Residence 


City: State: 


Country: 


Citizenship: 


Post Office Address 


City: State: 


ZIP: Country: 



□ Additional inventors are being named on the supplemental Additional Inventors) sheets) PTO/SB/02 A attached hereto. 



PATENT APPLICATION 
0500.9907201 

IN THE UNITED STATES PATENT AND TRADEMARK OFFICE 
Inventor: Robert Everett Parkhill Art Group: 

Serial No. 

Filing Date: December 20, 1999 

Title: METHOD AND APPARATUS FOR UPDATING WEB CERTIFICATES 



Hon Commissioner of Certificate of First Class Mailing 

non. Lommitoiunci ui } ^ ^ ^ ^ fa bejng deposited with the 

Patents and Trademarks United States Postal Service as first-class mail in an 

U.S. Patent and Trademark Office envelope addressed to: Hon. Commissioner of Patents 

Washington D C 2023 1 and Trademarks, U.S. Patent & Trademark Office, 

° ' Washington, D.C.22231, on this date. 

Da/e Rosalie Swanson 

Dear Sir: 



CHANGE OF ADDRESS NOTIFICATION 



Please note the correct address of the attorney of record as follows: 

Christopher J. Reckamp 
Markison & Reckamp, P.C. 
P.O. Box 06229 
Wacker Drive 
Chicago, IL 60606-0229 

Please contact me at the below-listed telephone number if you have any questions 
or need additional information. 

Respectfully submitted, 



MARKISON & RECKAMP, P.C. 
By _ 

Date: December^, 1999 ChnstopherXReckamp 



MARKISON & RECKAMP, P.C. 

P.O. Box 06229 

Wacker Drive 

Chicago, IL 60606-0229 

(312) 939-9800; FAX: (312) 939-9828 



Registration No 34,414 



